Add Watchflow governance rules (5 rules, 2 high-priority) #47

Closed
dkargatzis wants to merge 1 commit into main from watchflow/rules

@dkargatzis (Member) commented Jan 25, 2026

Add Watchflow Governance Rules

This PR adds automated governance rules for warestack/watchflow based on repository analysis of recent PR history and codebase patterns.

Repository Health Analysis Report: warestack/watchflow

This report provides a data-driven assessment of the current health of the warestack/watchflow repository based on hygiene metrics from the last 30 merged pull requests and repository context.

| Metric | Value | Severity | Category | Explanation |
|---|---|---|---|---|
| Unlinked Issue Rate | 40.0% | High | Issue Management | A high percentage of PRs are not linked to issues, reducing traceability and making impact analysis difficult. |
| Average PR Size | 428 lines | Medium | Code Quality | Large PR sizes can hinder effective code review and increase the risk of introducing defects. |
| First-Time Contributors | 0 | Medium | Community Health | No contributions from first-time contributors may indicate barriers to entry or low community engagement. |
| Codeowner Bypass Rate | 35.0% | High | Review Process | Over one-third of PRs bypass codeowner review, risking unvetted changes in critical areas. |
| New Code Test Coverage | 0.0% | Critical | Testing | Absence of test coverage on new code is a significant risk for undetected bugs and regressions. |
| Issue-Diff Mismatch Rate | 15.0% | Medium | Issue Management | Mismatches between issues and code diffs can lead to incomplete or incorrect issue resolution. |

Summary and Recommendations

  • Improve Issue Linking: Enforce linking PRs to issues to enhance traceability and project management.
  • Reduce PR Size: Encourage smaller, more focused PRs to facilitate thorough reviews and reduce integration risks.
  • Encourage New Contributors: Implement onboarding documentation and contribution guidelines to attract first-time contributors.
  • Enforce Codeowner Reviews: Strengthen policies to prevent bypassing codeowner approvals, ensuring critical code is properly reviewed.
  • Increase Test Coverage: Prioritize adding automated tests for new code to improve reliability and maintainability.
  • Align Issues and Code Changes: Improve processes to ensure code changes correspond accurately to issues, reducing mismatch rates.

Addressing these areas will significantly improve repository health, code quality, and team collaboration effectiveness.

Recommended Rules

require_linked_issue: Block PRs without issue references to improve traceability and reduce drive-by contributions. - High

Rationale: The rule 'require_linked_issue' directly addresses the high Unlinked Issue Rate (40.0%), which impairs traceability and complicates impact analysis, by blocking PRs without linked issues to ensure all changes are properly tracked and reviewed.

max_pr_size: Limit PR size to prevent large, hard-to-review changes and encourage focused contributions. - Medium

Rationale: The max_pr_size rule is recommended to address the medium-severity issue of large PR sizes (average 428 lines), which hinder effective code review and increase the risk of defects. Limiting PR size encourages smaller, more focused contributions, improving review quality and reducing integration risks.

code_owners: Enforce CODEOWNERS approval to prevent bypassing critical code reviews and ensure vetted changes. - High

Rationale: The rule to enforce CODEOWNERS approval directly addresses the high Codeowner Bypass Rate of 35%, mitigating risks of unvetted changes in critical areas and ensuring that all pull requests undergo proper review by designated experts.

required_workflows: Ensure CI workflows pass before merging to maintain code quality and prevent regressions. - Critical

Rationale: The rule to require passing CI workflows before merging directly addresses the critical issue of 0% test coverage on new code by enforcing automated testing and quality checks, thereby preventing regressions and improving overall code reliability.

title_pattern: Enforce Conventional Commits pattern to improve commit message clarity and automation. - Medium

Rationale: Enforcing the Conventional Commits pattern improves commit message clarity and consistency, which supports better traceability and automation, directly addressing the high unlinked issue rate and issue-diff mismatch problems identified in the repository analysis.

Changes

  • Adds .watchflow/rules.yaml with the recommended governance rules

Next Steps

  1. Review the rules in .watchflow/rules.yaml
  2. Adjust parameters if needed
  3. Install the Watchflow GitHub App to enable automated enforcement
  4. Merge this PR to activate the rules

Generated by Watchflow repository analysis.

Summary by CodeRabbit

  • Chores
    • Updated pull request governance framework. New enforcement rules require linked issues for all PRs, establish maximum PR size limits, mandate code owner approvals, enforce required workflow checks, and standardize PR title patterns.


coderabbitai bot commented Jan 25, 2026

Walkthrough

The pull request replaces legacy PR governance rules in .watchflow/rules.yaml with a new set of five rules: require_linked_issue, max_pr_size, code_owners, required_workflows, and title_pattern. Each rule is configured with enable, severity, and event_types settings, with empty parameters. Previous rules enforcing PR titles, contributor approval, test requirements, and push restrictions are removed.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Workflow rule updates: .watchflow/rules.yaml | Replaced 6 legacy PR and push rules with 5 new PR governance rules; each new rule includes enable, severity, event_types (pull_request), and empty parameters; prior open-source hygiene checks removed |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~4 minutes

Poem

🐰 Our rules now flow with purpose true,
Five guardians to see PRs through,
Linked issues dance, sizes take their measure,
Title patterns—a rabbit's governance treasure!

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title clearly describes the main change: adding five Watchflow governance rules with two marked as high-priority, which aligns with the primary objective of the PR. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 3

🤖 Fix all issues with AI agents
In @.watchflow/rules.yaml:
- Around line 23-29: The rule block for required_workflows is missing
configuration in the parameters section so it can't enforce anything; update the
rule named "required_workflows" (the entry with description 'required_workflows:
Ensure CI workflows pass...') by populating its parameters with a non-empty list
of workflow identifiers (e.g., add a workflows or required_workflows key
containing the CI job names/IDs that must pass) and validate the names match
your CI workflow filenames/IDs so the rule actually enforces on pull_request
events.
- Around line 30-36: The rule's parameters are empty so the title_pattern check
never runs; add a parameters section including a title_pattern regex that
enforces Conventional Commits (e.g., a regex matching types like feat|fix|chore
etc., optional scope, and a subject) and an optional error_message/description
to surface on failure. Update the rule's parameters key to include title_pattern
(and optionally error_message) so the pull_request event uses that regex when
validating PR titles.
- Around line 9-15: The rule entry for max_pr_size has an empty parameters block
so it doesn't enforce anything; update the rule named max_pr_size to include
concrete parameter keys (for example add integer values for max_lines and/or
max_files) under its parameters section so the rule can enforce limits (e.g.,
parameters: { max_lines: 500, max_files: 50 }); keep the existing enabled,
severity, and event_types fields unchanged.
📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f5a3be1 and 9eeb374.

📒 Files selected for processing (1)
  • .watchflow/rules.yaml
🔇 Additional comments (2)
.watchflow/rules.yaml (2)

2-8: Consider whether require_linked_issue and code_owners need parameters.

These rules have empty parameters. Verify whether Watchflow provides sensible defaults or if configuration is needed (e.g., issue reference patterns like #\d+, fixes #\d+, or specific CODEOWNERS file paths).

Also applies to: 16-22


1-36: The parameters objects are empty and need rule-specific configuration.

Watchflow's schema does not require a name or type field; rules are identified by their description and configured through rule-specific parameters. However, the rules in this file all have empty parameters: {}, which will prevent them from functioning. Each rule type needs configuration tailored to its purpose:

  • max_pr_size requires max_files and/or max_lines thresholds
  • required_workflows requires workflow_names to check
  • title_pattern requires a pattern regex to enforce

Populate the parameters based on your governance requirements. See the Watchflow configuration guide for parameter examples per rule type.

Likely an incorrect or invalid review comment.


Comment on lines +9 to +15
- description: 'max_pr_size: Limit PR size to prevent large, hard-to-review changes
and encourage focused contributions.'
enabled: true
severity: medium
event_types:
- pull_request
parameters: {}

⚠️ Potential issue | 🟠 Major

Empty parameters will prevent max_pr_size from functioning.

The max_pr_size rule has no configured limit. Without specifying the maximum allowed lines or files, this rule cannot enforce any size constraint.

Suggested configuration
 - description: 'max_pr_size: Limit PR size to prevent large, hard-to-review changes
     and encourage focused contributions.'
   enabled: true
   severity: medium
   event_types:
   - pull_request
-  parameters: {}
+  parameters:
+    max_lines: 400
+    max_files: 20
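Review bot: `max_lines: 400` in the added parameters sits below the average PR size of 428 lines reported in the PR description, so at this threshold the rule would flag the typical PR as soon as it is enforced. Choose the limit deliberately (the agent prompt in this same review uses 500 and 50 for the same keys), and confirm `max_lines` and `max_files` against the Watchflow schema before committing, since an unrecognised key may leave the rule as unenforced as `parameters: {}`.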
🤖 Prompt for AI Agents
In @.watchflow/rules.yaml around lines 9 - 15, The rule entry for max_pr_size
has an empty parameters block so it doesn't enforce anything; update the rule
named max_pr_size to include concrete parameter keys (for example add integer
values for max_lines and/or max_files) under its parameters section so the rule
can enforce limits (e.g., parameters: { max_lines: 500, max_files: 50 }); keep
the existing enabled, severity, and event_types fields unchanged.

Comment on lines +23 to +29
- description: 'required_workflows: Ensure CI workflows pass before merging to maintain
code quality and prevent regressions.'
enabled: true
severity: critical
event_types:
- pull_request
parameters: {}

⚠️ Potential issue | 🟠 Major

Empty parameters will prevent required_workflows from functioning.

This rule is marked critical but has no workflows specified. Without listing which CI workflows must pass, the rule cannot enforce anything.

Suggested configuration
 - description: 'required_workflows: Ensure CI workflows pass before merging to maintain
     code quality and prevent regressions.'
   enabled: true
   severity: critical
   event_types:
   - pull_request
-  parameters: {}
+  parameters:
+    workflows:
+      - ci
+      - build
+      - test
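Review bot: the key on the `+    workflows:` line does not agree with the rest of this review, which names `workflow_names` in the summary comment and offers `workflows or required_workflows` in the agent prompt. For a rule marked `severity: critical`, settle the key against the Watchflow schema before merging. The values `ci`, `build` and `test` also need to match workflows that exist in the repository, which the visible lines do not show.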
🤖 Prompt for AI Agents
In @.watchflow/rules.yaml around lines 23 - 29, The rule block for
required_workflows is missing configuration in the parameters section so it
can't enforce anything; update the rule named "required_workflows" (the entry
with description 'required_workflows: Ensure CI workflows pass...') by
populating its parameters with a non-empty list of workflow identifiers (e.g.,
add a workflows or required_workflows key containing the CI job names/IDs that
must pass) and validate the names match your CI workflow filenames/IDs so the
rule actually enforces on pull_request events.

Comment on lines +30 to +36
- description: 'title_pattern: Enforce Conventional Commits pattern to improve commit
message clarity and automation.'
enabled: true
severity: medium
event_types:
- pull_request
parameters: {}

⚠️ Potential issue | 🟠 Major

Empty parameters will prevent title_pattern from functioning.

The description states this rule enforces "Conventional Commits pattern" but no regex pattern is provided. The rule needs the actual pattern to validate PR titles against.

Suggested configuration for Conventional Commits
 - description: 'title_pattern: Enforce Conventional Commits pattern to improve commit
     message clarity and automation.'
   enabled: true
   severity: medium
   event_types:
   - pull_request
-  parameters: {}
+  parameters:
+    pattern: '^(feat|fix|docs|style|refactor|perf|test|build|ci|chore|revert)(\(.+\))?: .+'
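Review bot: the added `pattern` leaves no place for the `!` breaking-change marker, so a title such as `feat!: drop legacy rules` fails the check although it is valid Conventional Commits; adding `!?` before the colon covers it. The scope group `(\(.+\))?` also accepts any text, including spaces and nested parentheses, where `\([^()]+\)` would be tighter. The key is `pattern` here but `title_pattern` in the agent prompt of this same review; use whichever the schema defines.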
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- description: 'title_pattern: Enforce Conventional Commits pattern to improve commit
message clarity and automation.'
enabled: true
severity: medium
event_types:
- pull_request
parameters: {}
- description: 'title_pattern: Enforce Conventional Commits pattern to improve commit
message clarity and automation.'
enabled: true
severity: medium
event_types:
- pull_request
parameters:
pattern: '^(feat|fix|docs|style|refactor|perf|test|build|ci|chore|revert)(\(.+\))?: .+'
🤖 Prompt for AI Agents
In @.watchflow/rules.yaml around lines 30 - 36, The rule's parameters are empty
so the title_pattern check never runs; add a parameters section including a
title_pattern regex that enforces Conventional Commits (e.g., a regex matching
types like feat|fix|chore etc., optional scope, and a subject) and an optional
error_message/description to surface on failure. Update the rule's parameters
key to include title_pattern (and optionally error_message) so the pull_request
event uses that regex when validating PR titles.

@dkargatzis dkargatzis closed this Jan 25, 2026
@dkargatzis dkargatzis deleted the watchflow/rules branch January 25, 2026 18:05
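
A pre-merge lint for the concern raised in this review (enabled rules whose parameters are empty), written as an added example rather than code from Watchflow or from this PR. It assumes a top-level `rules:` list and reads only the fields quoted in the thread; whether an empty block really disables a rule depends on Watchflow's defaults, so the output is a list to verify, not a verdict.

```ruby
require 'yaml'

# Constructed sample in the rule shape quoted in this thread. The top-level
# `rules:` key and the `max_lines` value are assumptions for illustration.
SAMPLE_RULES = <<~YAML
  rules:
  - description: 'required_workflows: Ensure CI workflows pass before merging.'
    enabled: true
    severity: critical
    event_types: [pull_request]
    parameters: {}
  - description: 'max_pr_size: Limit PR size.'
    enabled: true
    severity: medium
    event_types: [pull_request]
    parameters:
      max_lines: 400
  - description: 'title_pattern: Enforce Conventional Commits pattern.'
    enabled: false
    severity: medium
    event_types: [pull_request]
    parameters: {}
  - description: 'code_owners: Enforce CODEOWNERS approval.'
    enabled: true
    severity: high
    event_types: [pull_request]
YAML

SEVERITY_ORDER = %w[critical high medium low].freeze

# True for an enabled rule whose parameters key is missing or empty.
def unconfigured?(rule)
  params = rule['parameters']
  rule['enabled'] == true && (params.nil? || (params.respond_to?(:empty?) && params.empty?))
end

# Returns [name, severity] pairs, most severe first. The name is the text
# before the first colon of the description, as in the rules quoted above.
def unconfigured_rules(yaml_text)
  doc = YAML.safe_load(yaml_text) || {}
  rules = doc.is_a?(Hash) ? Array(doc['rules']) : Array(doc)
  rules.select { |r| r.is_a?(Hash) && unconfigured?(r) }
       .map { |r| [r['description'].to_s[/\A[^:]*/].strip, r['severity'].to_s] }
       .sort_by { |_, sev| SEVERITY_ORDER.index(sev) || SEVERITY_ORDER.size }
end

unconfigured_rules(SAMPLE_RULES).each { |name, sev| puts "#{sev}: #{name} has no parameters" }
```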